build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0#507
Conversation
|
The failing tests don't appear to be due to a fluke, but I don't have time to dig into the underlying cause this week |
This looked very familiar, so I looked into it. Something changed outside this repo and its tests. It's related to this one-time release pipeline error: hashicorp/terraform-provider-random#663. As a result, the Registry API returns an empty list of protocol versions for terraform-provider-random v3.7.0-alpha1. The last Protocol v4 version of the random provider is v2.3.1. I reconstructed the failing test locally and observed that Terraform 0.11.15 installs v3.7.0-alpha1. To solve this: I'd prefer to backfill the right data in the Registry -- if possible -- rather than work around it here. My team maintains the random provider, and I will look into this. |
|
While the linked issue was closed, we continue seeing the failures, such as all linked to Terraform My theory is that this is connected to the latest version of the What is unclear to me is how exactly Terraform 0.11 so far managed to ignore all the 3.0.0 versions practically without provider constraints. I assume this is a detail hidden somewhere in the Registry API? Some possible solutions:
provider "null" {
version = ">= 2"
}@bbasata do you have any preferences? I'm inclined to (1), so I'll raise a PR that does that. Since the tests are parametrised anyway, anyone can still run them on demand if they wish to, they just won't run on every PR anymore and so we may end up introducing changes that break terraform-exec's 0.11 compatibility. I don't think that is a problem since tfexec never explicitly stated compatibility for Terraform versions. We just assumed that people use the library in automation in contexts where older versions are far more likely to occur. |
I'm happy with this choice 😃 |
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
f0a936f to
8bf7f38
Compare
|
@dependabot rebase |
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0. - [Commits](golang/net@v0.33.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
8bf7f38 to
8cecd80
Compare
Bumps golang.org/x/net from 0.33.0 to 0.36.0.
Commits
85d1d54go.mod: update golang.org/x dependenciescde1ddaproxy, http/httpproxy: do not mismatch IPv6 zone ids against hostsfe7f039publicsuffix: spruce up code gen and speed up PublicSuffix459513dinternal/http3: move more common stream processing to genericConnaad0180http2: fix flakiness from t.Log when GOOS=jsb73e574http2: don't log expected errors from writing invalid trailers5f45c77internal/http3: make read-data tests usable for server handlers43c2540http2, internal/httpcommon: reject userinfo in :authority1d78a08http2, internal/httpcommon: factor out server header logic for h2/h30d7dc54quic: add Conn.ConnectionStateDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.